summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-05-25 19:59:23 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-06-01 17:11:24 +1000
commitbc8d12e59331fb814a58733b68f8ec16cfffa61e (patch)
tree26412c57f119bf30822d22473c8141d3d2ea5b2f
parentdfb206f47e8b9bcf81493e7cb6aed7859fb54042 (diff)
downloadsamba-bc8d12e59331fb814a58733b68f8ec16cfffa61e.tar.gz
samba-bc8d12e59331fb814a58733b68f8ec16cfffa61e.tar.bz2
samba-bc8d12e59331fb814a58733b68f8ec16cfffa61e.zip
s4:ntlmssp Merge ntlmssp structures with version from source3/
Use this as an excuse to get rid of ntlmssp_set_domain() etc, which don't do anything useful now that msrpc_parse() use talloc anyway. Andrew Bartlett
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h17
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c78
2 files changed, 21 insertions, 74 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 6276c9e03e..005414a9f6 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
Copyright (C) Paul Ashton 1997
+ Copyright (C) Andrew Bartlett 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,13 +55,19 @@ struct ntlmssp_state
bool unicode;
bool use_ntlmv2;
bool use_ccache;
- bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */
- bool allow_lm_key; /* The LM_KEY code is not functional at this point, and it's not
- very secure anyway */
-
const char *user;
const char *domain;
- const char *workstation;
+ uint8_t *nt_hash;
+ uint8_t *lm_hash;
+
+ bool use_nt_response; /* Set to 'False' to debug what happens when the NT response is omited */
+ bool allow_lm_key; /* The LM_KEY code is not very
+ secure... */
+
+ struct {
+ const char *netbios_name;
+ const char *netbios_domain;
+ } client;
struct {
bool is_standalone;
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index e7e92695f5..5562180f3a 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -33,51 +33,6 @@
#include "auth/auth.h"
#include "param/param.h"
-/**
- * Set a username on an NTLMSSP context - ensures it is talloc()ed
- *
- */
-
-static NTSTATUS ntlmssp_set_username(struct ntlmssp_state *ntlmssp_state, const char *user)
-{
- if (!user) {
- /* it should be at least "" */
- DEBUG(1, ("NTLMSSP failed to set username - cannot accept NULL username\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- ntlmssp_state->user = talloc_strdup(ntlmssp_state, user);
- if (!ntlmssp_state->user) {
- return NT_STATUS_NO_MEMORY;
- }
- return NT_STATUS_OK;
-}
-
-/**
- * Set a domain on an NTLMSSP context - ensures it is talloc()ed
- *
- */
-static NTSTATUS ntlmssp_set_domain(struct ntlmssp_state *ntlmssp_state, const char *domain)
-{
- ntlmssp_state->domain = talloc_strdup(ntlmssp_state, domain);
- if (!ntlmssp_state->domain) {
- return NT_STATUS_NO_MEMORY;
- }
- return NT_STATUS_OK;
-}
-
-/**
- * Set a workstation on an NTLMSSP context - ensures it is talloc()ed
- *
- */
-static NTSTATUS ntlmssp_set_workstation(struct ntlmssp_state *ntlmssp_state, const char *workstation)
-{
- ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation);
- if (!ntlmssp_state->workstation) {
- return NT_STATUS_NO_MEMORY;
- }
- return NT_STATUS_OK;
-}
-
/**
* Determine correct target name flags for reply, given server role
* and negotiated flags
@@ -276,9 +231,6 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
uint8_t session_nonce_hash[16];
const char *parse_string;
- char *domain = NULL;
- char *user = NULL;
- char *workstation = NULL;
#if 0
file_save("ntlmssp_auth.dat", request.data, request.length);
@@ -297,7 +249,7 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->user = NULL;
ntlmssp_state->domain = NULL;
- ntlmssp_state->workstation = NULL;
+ ntlmssp_state->client.netbios_name = NULL;
/* now the NTLMSSP encoded auth hashes */
if (!msrpc_parse(ntlmssp_state,
@@ -306,9 +258,9 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
&ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation,
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
+ &ntlmssp_state->client.netbios_name,
&state->encrypted_session_key,
&auth_flags)) {
DEBUG(10, ("ntlmssp_server_auth: failed to parse NTLMSSP (nonfatal):\n"));
@@ -332,9 +284,9 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
&ntlmssp_command,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- &domain,
- &user,
- &workstation)) {
+ &ntlmssp_state->domain,
+ &ntlmssp_state->user,
+ &ntlmssp_state->client.netbios_name)) {
DEBUG(1, ("ntlmssp_server_auth: failed to parse NTLMSSP:\n"));
dump_data(2, request.data, request.length);
@@ -347,20 +299,8 @@ static NTSTATUS ntlmssp_server_preauth(struct ntlmssp_state *ntlmssp_state,
if (auth_flags)
ntlmssp_handle_neg_flags(ntlmssp_state, auth_flags, ntlmssp_state->allow_lm_key);
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_domain(ntlmssp_state, domain))) {
- return nt_status;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_username(ntlmssp_state, user))) {
- return nt_status;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = ntlmssp_set_workstation(ntlmssp_state, workstation))) {
- return nt_status;
- }
-
DEBUG(3,("Got user=[%s] domain=[%s] workstation=[%s] len1=%lu len2=%lu\n",
- ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length));
+ ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->client.netbios_name, (unsigned long)ntlmssp_state->lm_resp.length, (unsigned long)ntlmssp_state->nt_resp.length));
#if 0
file_save("nthash1.dat", &ntlmssp_state->nt_resp.data, &ntlmssp_state->nt_resp.length);
@@ -702,7 +642,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
user_info->mapped_state = false;
user_info->client.account_name = ntlmssp_state->user;
user_info->client.domain_name = ntlmssp_state->domain;
- user_info->workstation_name = ntlmssp_state->workstation;
+ user_info->workstation_name = ntlmssp_state->client.netbios_name;
user_info->remote_host = gensec_get_remote_address(gensec_ntlmssp->gensec_security);
user_info->password_state = AUTH_PASSWORD_RESPONSE;